major.io words of wisdom from a systems engineer

This is why we can’t have nice things: malware callbacks to icanhazip.com

I figured it would only be a matter of time until people used icanhazip.com for evil deeds. Someone linked me to these Sophos analysis pages:

Detailed Analysis - Troj/Agent-ADRF

Detailed Analysis - Troj/Mdrop-FIM

I’ve worked with a couple of these vendors to get my site removed from their products’ blacklists, but I’m not sure how long that will stay in place. I’d really like to hunt down the user agents so that I can deny requests from certain malicious scripts and other malware, but I don’t have enough intel on the malware to get started. If anyone is able to help, please let me know.
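To make the user-agent hunt concrete, here is an added example; it is not code from the original post, it is not icanhazip.com's actual configuration, and it says nothing about the real malware's traffic. It parses constructed access-log lines in the default nginx/Apache combined format, tallies each User-Agent by request count and by distinct source address, flags agents that are empty or that match a hypothetical deny list, and renders an nginx `map` block that an operator could wire to a `403`. The sample log lines, the `ExampleDownloader` string, the deny-list contents and all function names are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Combined log format as written by nginx/Apache by default (an assumption;
# the post does not describe the site's real log format).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Constructed sample traffic: a browser, a curl user, three clients sending no
# User-Agent at all, and a hypothetical downloader string. None of these are
# taken from the Sophos analyses linked above.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Jan/2012:10:00:01 +0000] "GET / HTTP/1.1" 200 15 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/9.0"
203.0.113.11 - - [10/Jan/2012:10:00:02 +0000] "GET / HTTP/1.1" 200 15 "-" "curl/7.21.0"
198.51.100.5 - - [10/Jan/2012:10:00:03 +0000] "GET / HTTP/1.1" 200 15 "-" "-"
198.51.100.6 - - [10/Jan/2012:10:00:04 +0000] "GET / HTTP/1.1" 200 15 "-" "-"
198.51.100.7 - - [10/Jan/2012:10:00:05 +0000] "GET / HTTP/1.1" 200 15 "-" "-"
192.0.2.20 - - [10/Jan/2012:10:00:06 +0000] "GET / HTTP/1.0" 200 15 "-" "ExampleDownloader/1.0"
192.0.2.20 - - [10/Jan/2012:10:00:07 +0000] "GET / HTTP/1.0" 200 15 "-" "ExampleDownloader/1.0"
"""

# Hypothetical deny list: substrings an operator has decided to block outright.
DENY_SUBSTRINGS = ("ExampleDownloader",)


def parse_log(text):
    """Yield one dict per well-formed combined-format line; skip the rest."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield m.groupdict()


def summarize_user_agents(text):
    """Map each User-Agent to (request count, number of distinct client IPs)."""
    hits = defaultdict(int)
    sources = defaultdict(set)
    for rec in parse_log(text):
        hits[rec["ua"]] += 1
        sources[rec["ua"]].add(rec["ip"])
    return {ua: (hits[ua], len(sources[ua])) for ua in hits}


def flag_suspicious(summary, deny_substrings=DENY_SUBSTRINGS, min_sources=3):
    """Return the User-Agents worth a closer look, with a reason for each.

    A missing User-Agent ("-" in the log) or a deny-listed substring is
    flagged outright; any other agent seen from at least min_sources distinct
    IPs is reported as widespread so an operator can judge it by hand rather
    than having the script block a popular legitimate client.
    """
    flagged = {}
    for ua, (count, nsrc) in summary.items():
        if ua in ("", "-"):
            flagged[ua] = "empty User-Agent"
        elif any(s in ua for s in deny_substrings):
            flagged[ua] = "matches deny list"
        elif nsrc >= min_sources:
            flagged[ua] = "seen from %d distinct sources" % nsrc
    return flagged


def nginx_map_snippet(flagged):
    """Render an nginx 'map' block that sets $deny_ua to 1 for flagged agents.

    Intended use: 'if ($deny_ua) { return 403; }' inside the server block.
    Regex metacharacters in each agent string are escaped so every entry is
    an exact match; an absent header arrives as an empty $http_user_agent.
    """
    lines = ["map $http_user_agent $deny_ua {", "    default 0;"]
    for ua in sorted(flagged):
        if ua in ("", "-"):
            lines.append('    "" 1;')
        else:
            lines.append('    "~^%s$" 1;' % re.escape(ua))
    lines.append("}")
    return "\n".join(lines)


if __name__ == "__main__":
    summary = summarize_user_agents(SAMPLE_LOG)
    flagged = flag_suspicious(summary)
    for ua, reason in sorted(flagged.items()):
        print("%-45r %s" % (ua, reason))
    print(nginx_map_snippet(flagged))
```

The "widespread" rule deliberately reports rather than blocks: on a service whose whole purpose is to be hit by scripts, a User-Agent seen from many addresses is as likely to be a legitimate tool as a botnet, so the script only surfaces candidates and leaves the deny decision to the operator.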